At 19:40 2004-01-02 +0100, you wrote:
>On 02.01.2004, at 18:58, Michal Cech wrote:
>
>> I set LAN (rl0): 10.10.10.100/24
>>
>> I add IP alias on LAN interface
>> ifconfig rl0 inet 10.10.20.100/24 alias
>>
>> ...
>> PC 10.10.10.1 ---> 10.10.10.100 OK
>> PC 10.10.20.1 ---> 10.10.20.100 TIMEOUT !!!!!
>> ----------------------------------------------------
>> ???????????????????????????????????????????????
>> WHY NOT WORK ALIAS ON LAN ???
>
>BECAUSE M0N0WALL HAS NOT BEEN DESIGNED FOR IP ALIASES! </capslock>
>Seriously, what makes you think you can just enter some BSD command and
>then expect it to work? m0n0wall is a firewall, remember?, and your
>problem is that the filter rule generator automatically adds
>anti-spoofing rules for each interface. It obviously doesn't know about
>the alias you added to the LAN interface with ifconfig, so your packets
>are being blocked by the anti-spoof rule for LAN. It works on WAN
>because there the anti-spoof rules only need to block packets that
>claim to be from LAN or one of the optional subnets.
>
>Anybody making changes to m0n0wall through other means than the webGUI
>is definitely on his/her own and doesn't need to complain if it doesn't
>work as expected. Remember that sentence in red on exec.php? "Note:
>this function is unsupported. Use it on your own risk!"
>
>- Manuel
>
Well spoken!
I actually am designing a system allowing a private and a public address on
LAN but the firewall had to be chopped into pieces to make it work. That's
another story and requires a lot of hacking in the /etc/inc and is NOT
RECOMMENDED if you don't know what you are doing. I worked with BSD for 1
1/2 years before I started on this and I still make regular visits to
freebsd.org to find references and man is my best friend.
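
The anti-spoofing behaviour Manuel describes, as an added example that is not part of the original thread and is not m0n0wall's own code: a simplified Python model of a generator that derives per-interface anti-spoof rules only from the configured subnets. The WAN interface name rl1, the rule representation and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed model of what the rule generator sees: only subnets entered
# through the webGUI. The ifconfig alias 10.10.20.100/24 is not in here.
CONFIG = {
    "lan": {"if": "rl0", "subnets": ["10.10.10.0/24"]},
    "wan": {"if": "rl1", "subnets": []},  # rl1 is a hypothetical WAN NIC
}

def generate_antispoof(config):
    """Build one anti-spoof rule per interface from the configured subnets."""
    # Every subnet configured on a non-WAN interface counts as internal.
    internal = [ipaddress.ip_network(s)
                for name, iface in config.items() if name != "wan"
                for s in iface["subnets"]]
    rules = {}
    for name, iface in config.items():
        if name == "wan":
            # WAN: drop packets claiming an internal source address.
            rules[iface["if"]] = ("deny_from", internal)
        else:
            # LAN/optional: accept only sources inside the interface's subnet.
            own = [ipaddress.ip_network(s) for s in iface["subnets"]]
            rules[iface["if"]] = ("allow_only_from", own)
    return rules

def antispoof_verdict(rules, ifname, src):
    """Return 'pass' or 'block' for a packet from src arriving on ifname."""
    mode, nets = rules[ifname]
    inside = any(ipaddress.ip_address(src) in n for n in nets)
    if mode == "allow_only_from":
        return "pass" if inside else "block"
    return "block" if inside else "pass"

if __name__ == "__main__":
    rules = generate_antispoof(CONFIG)
    # Constructed packets: the two pings from the thread, plus WAN arrivals.
    for ifname, src in [("rl0", "10.10.10.1"), ("rl0", "10.10.20.1"),
                        ("rl1", "10.10.20.1"), ("rl1", "10.10.10.1")]:
        print(f"{src:12} in on {ifname}: {antispoof_verdict(rules, ifname, src)}")
```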